sql injection vulnerabilities and exploits

(subscribe to this query)

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.

Sql-ledger Sql-ledger 2.8.24

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...

Microsoft Sql Server Management Studio 17.9 Microsoft Sql Server Management Studio 18.0

1 EDB exploit

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Serv...

Microsoft Sql Server Management Studio 17.9 Microsoft Sql Server Management Studio 18.0

1 EDB exploit

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Ser...

Microsoft Sql Server Management Studio 17.9 Microsoft Sql Server Management Studio 18.0

1 EDB exploit

SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 prior to 5.1.0.117, 5.2 prior to 5.2.0.296, and 6.0 prior to 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Cisco Security Agent 5.1 Cisco Security Agent 5.2 Cisco Security Agent 6.0

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Ledgersmb Ledgersmb Sql-ledger Sql-ledger

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows malicious users to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.

Microsoft Sql Server 2000

1 EDB exploit

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and previous versions; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows I...

Microsoft Sql Server 2000 Microsoft Sql Server 2005

3 EDB exploits1 Github repository

SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the news.php parameter.

Mrcgiguy Hot Links Sql-php

1 EDB exploit

Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote malicious users to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to det...

Duware Duportal 3.1.2 Duware Duportal 3.1.2 Sql

4 EDB exploits

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook